When googling for Discovery.asmx the only clue i get is that this service is used by WIndows Live ID. Apparently it is active even when Live ID is not the actual authentication provider used on that website.
You could try blocking access to this service using IIS directly? Just open the IIS manager and find the service. Then block all outside access to it. Not to sure what possibilities there are regarding this though (disable all authentication, or add a redirect to 404 page rule to it...)
P.S. Make sure it doesn't pose an actual security hole / threat first though.
Colin
2009-12-17 23:50:24